New SecretOps Provider – Evaluate Doppler Over Current ESC Solution
I am considering a change in our SecretOps provider to enhance our development experience and efficiency.
This comparison evaluates four potential solutions – Infisical, Pulumi ESC, HashiCorp Vault, and Doppler – based on factors such as pricing, integration capabilities, user experience, and our specific organizational needs.
Cloud-provider solutions such as AWS Secrets Manager, GCP Secret Manager and Azure Key Vault are out of scope, since they are cloud dependent and the DX is bad as detailed here.
HashiCorp Vault
- Pricing: High cost; $1.58/hour, leading to over $1000/month. The free quota covers only 25 secrets.
- User Experience: Pricing model is not transparent.
- Conclusion: Not considered due to high cost and limited free offerings.
Pulumi ESC
- Pricing: Free (current status).
- Integration: Good with Pulumi ecosystem.
- User Experience: Early-stage solution with few integrations, so not the best developer experience (DX) yet; lacks GitHub Secrets sync.
- Issues: Deprecated GitHub Actions, manual secret export, out-of-sync local ENV files.
- Conclusion: Potential but immature in its current stage.
Infisical
- Pricing: Free for up to 5 developers; $6/month per additional developer on the lowest tier.
- User Experience: Good overall; self-hosting option available, Open Source.
- Issues: Slow Dashboard UI, no Code Editor plugin, GitHub Application installation is restricted to the whole Organization (big issue).
- Conclusion: Good option, but some major drawbacks.
Doppler
- Pricing: Free for 3 developers; $7/month for additional users.
- User Experience: Excellent; intuitive and efficient.
- Features: Environment management, local .env file elimination, fast UI, VSCode Plugin, correct GitHub Secrets sync, correct GitHub App permissions to install in each repository. In particular, the VSCode Plugin can edit the secrets locally and automatically upload and sync them to the cloud: amazing DX, with no need to even open the dashboard UI.
- Issues: Not open source; higher-tier pricing concerns.
- Conclusion: Best DX; recommended for trial.
Based on the comparison, Doppler is recommended for trial due to its superior developer experience and comprehensive feature set. However, we should monitor the cost implications and revisit the decision in around 2 years, in case other Open Source services like Infisical or ESC have improved.
Proposed
Feature/Service | HashiCorp Vault | ESC (Pulumi) | Infisical | Doppler |
---|---|---|---|---|
Pricing | High | Free (for now) | Affordable | Moderate |
Developer Experience | - | Not there yet | Good | Excellent |
GitHub Sync | - | No | No | Yes |
Open Source | Yes | Yes | Yes | No |
- The best DX currently in the market
- No more `.env` local files, so fewer problems and differences to debug
- More security by not having `.env` files anymore
- No more secrets being out of sync
- Until now we had to run `bun secrets:update`, but it's easy to forget, and hard to get everyone in the same boat
- Secrets can be edited right in the editor as if they were local by using the IDE Plugin
- Pricing is $7/month after the first 3 developers, but gains in productivity might be worth it
- Not Open Source